Please review my Farbar Logs. Think I'm infected. Many thanks



Hello Geotime70 and welcome!

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I see signs of infection in your logs. I also see some system restrictions in the Farbar logs. Sometimes system restrictions are made by the IT system administrator in companies. Please let me know if this computer is yours or belongs to a company.

Thank you.

Rui


Hello Geotime70.

Okay, please do the following:

Download Malwarebytes Anti-Rootkit BETA and save it to your computer Desktop.

  • Right-click on the icon and select Run as administrator to start the extraction of the program;
  • Click Yes to accept the security warning that may appear;
  • Click OK to extract it to your Desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, if threats are found, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back to the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;


Please attach that log in your next reply for my review.

Rui


The info below is what MBAR found. I didn't clean it because I wanted to get your opinion of the problem, because the info may be needed for legal proof of the person that may be responsible. Is this infection capable or indicative of the ability to remotely access/monitor my computer? Or do I need to provide more info to the forum to know if it's been remotely compromised? Thanks so much!!!

C:\$Recycle.Bin\S-1-5-21-195452717-4015840646-14549003-1001\$f4e27e32d5b5bc8261cb000bef51340d\@ (Trojan.Siredef.C)

C:\Users\J.Lee\AppData\Local\svcxdcl32.dat (Trojan.MalPack)

HKU\S-1-5-21-195452717-4015840646-14549003-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svc2dll (Trojan.Agent)

C:\$Recycle.Bin\S-1-5-21-195452717-4015840646-14549003-1001\$f4e27e32d5b5bc8261cb000bef51340d\U (Trojan.Siredef.C)

C:\$Recycle.Bin\S-1-5-21-195452717-4015840646-14549003-1001\$f4e27e32d5b5bc8261cb000bef51340d\L (Trojan.Siredef.C)

C:\$Recycle.Bin\S-1-5-21-195452717-4015840646-14549003-1001\$f4e27e32d5b5bc8261cb000bef51340d (Trojan.Siredef.C)

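As an added illustration (not code from this thread, from Malwarebytes, or from the poster), here is a small Python parser for detection lines in the shape MBAR reported above. It separates file paths from registry entries, pulls out the user SID, and flags the two items a responder looks at first: the Run-key autorun entry that re-launches the malware after a reboot, and the hidden $Recycle.Bin\<SID>\$<hash> folder pattern the Trojan.Siredef.C hits share. The regular expressions and field names are my own assumptions about the log format; the sample lines are the ones posted above.

```python
import re
from dataclasses import dataclass
# Detection lines copied from the MBAR results posted above (page data, not constructed).
MBAR_DETECTIONS = [
    r"C:\$Recycle.Bin\S-1-5-21-195452717-4015840646-14549003-1001\$f4e27e32d5b5bc8261cb000bef51340d\@ (Trojan.Siredef.C)",
    r"C:\Users\J.Lee\AppData\Local\svcxdcl32.dat (Trojan.MalPack)",
    r"HKU\S-1-5-21-195452717-4015840646-14549003-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svc2dll (Trojan.Agent)",
    r"C:\$Recycle.Bin\S-1-5-21-195452717-4015840646-14549003-1001\$f4e27e32d5b5bc8261cb000bef51340d\U (Trojan.Siredef.C)",
    r"C:\$Recycle.Bin\S-1-5-21-195452717-4015840646-14549003-1001\$f4e27e32d5b5bc8261cb000bef51340d\L (Trojan.Siredef.C)",
    r"C:\$Recycle.Bin\S-1-5-21-195452717-4015840646-14549003-1001\$f4e27e32d5b5bc8261cb000bef51340d (Trojan.Siredef.C)",
]

# Assumed line shape: "<file path or registry key> (<detection name>)"
LINE_RE = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\)$")
SID_RE = re.compile(r"S-1-5-21(?:-\d+)+")
# Hidden stash folder seen above: <drive>:\$Recycle.Bin\<user SID>\$<32 hex chars>
STASH_RE = re.compile(r"^[A-Za-z]:\\\$Recycle\.Bin\\S-1-5-21(?:-\d+)+\\\$[0-9a-f]{32}(?:\\|$)", re.I)
# "...\CurrentVersion\Run|<value name>" is an autorun entry: it survives a reboot
RUN_KEY_RE = re.compile(r"\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN\|", re.I)

@dataclass
class Detection:
    kind: str        # "file" or "registry"
    target: str      # path, or key|value for registry entries
    name: str        # scanner's detection name
    sid: str         # user SID embedded in the target, "" if none
    persistence: bool
    recycle_bin_stash: bool

def parse_line(line: str) -> Detection:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised detection line: {line!r}")
    target, name = m.group("target"), m.group("name")
    kind = "registry" if target.upper().startswith(("HKU\\", "HKLM\\", "HKCU\\")) else "file"
    sid_m = SID_RE.search(target)
    return Detection(kind, target, name, sid_m.group(0) if sid_m else "",
                     persistence=bool(RUN_KEY_RE.search(target)),
                     recycle_bin_stash=bool(STASH_RE.match(target)))

def triage(lines):
    # Group detections the way a responder reads them: what, whose profile, what re-launches
    dets = [parse_line(l) for l in lines]
    return {
        "families": sorted({d.name for d in dets}),
        "sids": sorted({d.sid for d in dets if d.sid}),
        "persistence": [d.target for d in dets if d.persistence],
        "recycle_bin_stash": [d.target for d in dets if d.recycle_bin_stash],
        "loose_files": [d.target for d in dets if d.kind == "file" and not d.recycle_bin_stash],
    }
```

Running `triage(MBAR_DETECTIONS)` shows that all six hits belong to one user profile, and that removing the stash folder without the Run-key value (or vice versa) would leave the infection able to return.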

Hello Geotime70.

You were infected by a rootkit. This is a very nasty infection that can compromise your computer by stealing your personal data.

 

5 hours ago, Geotime70 said:

Is this infection capable or indicative of the ability to remote access/monitor my computer?

Yes, but it's difficult to say if that already happened or not, so with this type of infection we highly recommend that users NOT use the Internet until the computer is clean. I mean you can and should stay connected during the cleanup; however, DO NOT use it for online banking, shopping, e-mail, etc.

It is also highly recommended that you change all your passwords (from online banking, shopping websites, e-mails, etc.) after the cleaning process.

On the link below you have more information about this infection:

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FSirefef.C

 

5 hours ago, Geotime70 said:

I didn't clean it because I wanted to get your opinion of the problem because the info may be needed for legal proof of the person that may be responsible.

What person? If you mean the stealer, that is hard to prove. I would recommend you let us help you scan and clean your computer for any further threats.

If you would like to do that, please follow the directions below:

 

First, re-run Malwarebytes Anti-Rootkit BETA and clean up all the threats it finds.

 

Next,

Please download Malwarebytes version 3 from this link and save it to the computer Desktop.

  • Right-click on the Malwarebytes icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the Malwarebytes dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool's database.
  • On the left menu pane click on the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the buttons Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, make sure to check-mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.


Please attach that log for my review.

Note: If asked to restart the computer, please do so immediately.

 

Next,

Please download RogueKiller_portable64.exe by Tigzy and save it to your computer Desktop.

  • Now close all programs and Internet browsers and disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the file RogueKiller_portable64.exe and select Run as administrator to start the tool.
  • Click Yes to accept the User Account Control security warning that may appear.
  • Once the tool is open, click the 'Scan' tab menu and then click the Start Scan button.
  • Wait until the scan has finished. Note: This scan may take some time to complete;
  • Warning: Do NOT remove any entry it finds. They may not all be bad and need to be carefully analyzed.
  • Once finished the results will be displayed. Click on the Open Report button. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your computer Desktop.
  • Close RogueKiller.


Please attach the RKlog.txt to your next reply.

 

To summarize, please attach the following logs:

Malwarebytes Anti-Rootkit BETA log.

Malwarebytes clean log.

RKlog.txt scan log.

 

How is the computer running at this point?

Thank you.

Rui

 


Hello Geotime70.

9 hours ago, Geotime70 said:

If I have the email and attachments she sent would the attachment still contain the executable code for me to prove it was her?

Probably. If the attachments are really infected, yes. But be aware that your system can be infected while browsing the Internet, most likely if you navigate on websites with pirated software (cracks, keygens), porn sites, torrents, fraud, etc. That is why I said that it is hard to prove where the infection came from. Only through computer forensics analysis can you determine that with certainty. But that is beyond the scope of these forums.

Do you still want help to scan and clean the computer?


Thanks for your patience. The computer in question is not my primary anymore but I'm going to clean it and post logs you requested.

One FINAL question beforehand: can you recommend a dump software that will copy my files before cleaning? I tried Dumpfile but its command-prompt interface was beyond my scope of computer knowledge. Just wanted to make sure I didn't delete evidence of her hacking me before cleaning. I'm not a vengeful person, but she has made my life hell with false allegations and much more. To disprove her credibility to the courts by proving she is hacking me would help me tremendously to redeem my character.


57 minutes ago, Geotime70 said:

Thanks for your patience.

You're welcome!

 

58 minutes ago, Geotime70 said:

One FINAL question beforehand, can you recommend a dump software that will copy my files before cleaning?

Check out these two and see what fits best for your purposes. They are free for non-commercial use.

https://www.lifewire.com/aomei-backupper-standard-review-2617893

https://www.techradar.com/reviews/easeus-todo-backup-free

 

For e-mail accounts you can use one of these:

https://www.mailstore.com/

http://www.kls-soft.com/klsmailbackup/index.php


3 weeks later...

Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 


This topic is now closed to further replies.